Extracted

• • Target

    665a25fe81677103220663a397237e33d3cf2835a4f2376447486c4e09189fc0

  • Size

    742KB

  • MD5

    91c9ea17b096c3b5b012690d69e2f8d6

  • SHA1

    bde6d582771ba0065e6599239243cf86e0d2fe50

  • SHA256

    665a25fe81677103220663a397237e33d3cf2835a4f2376447486c4e09189fc0

  • SHA512

    257534852cff565e3da87df8f785f659c5eccf4bdb5107521e80b72f2c62932c76533f57a08f259989f21581694086d89d710a0f36d36dd9ff42a002e36d79cf

  • SSDEEP

    12288:eN//yfYb5BIQZVth9bNgLmajQ/gsuhqt+GTDXWc1vqJ8HwcThN/n0Y9:uiuBtZvb2LR0/gO7LH1veATHj

  Score

  10^/10

  mysticredlinemonerinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2